I know all the security issues: SQL injection, XSS issues, SSL, session hijacking; I have read security books, etc. But yet, I feel that a backroom boy laughs at me! I want to hack my site ethically before a backroom boy does this illegally. Where can I start? How can I make sure that I use security preventions correctly? Thanks

A: 

If you can hack your site, it's a bad thing. The only real gotcha is probably CSRF. Aside from that, you might want to set up TLS or something to secure against man-in-the-middle attacks. Since you seem to know about input sanitization, I'd assume you don't have to worry about abuse of things like eval, include (or anything else that opens a file), system, etc.

Longpoke
I can't quite tell if you're being sarcastic or not. Anyways; I doubt the data is so valuable as to set up SSL ;p
Robus
I want to find my system's security holes.
phpExe
not being sarcastic...
Longpoke
+2  A: 

Is this a trick question or something? Like, "Where's the beginning of a perfect ring?"

You say that you know the issues which you need to worry about. Write every one that comes to mind into a list. Analyze that list, determine some priority order and get to it! If you know the issues, you should know ways to attack those issues.

I did find this decent-looking article, which may very well provide you exactly what you're asking for:

http://goodfellas.shellcode.com.ar/docz/web/php-fuzzing.pdf

What I was looking for is a PHP fuzzer, to add another layer of testing.

Found this list: http://www.infosecinstitute.com/blog/2005/12/fuzzers-ultimate-list.html

On this page, which explains fuzzing a bit, hence its appearance here:

http://www.owasp.org/index.php/Fuzzing

George Marian
Great links. Thanks George.
phpExe
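A minimal mutation fuzzer in Python, added here as an example of the extra testing layer George suggests (it is not code from the answer or from the linked documents). `validate_username` is a constructed stand-in for a form-field check such as a PHP site would wrap around its inputs, `CONTRACT` is the rule that check is meant to enforce, and the harness reports both uncaught exceptions and accepted values that break the contract.

```python
import random
import re

# Constructed stand-in for a form-field validator (not the questioner's code).
# Intended contract: 3..20 ASCII letters, digits or underscores, else None.
# str.isalnum() also accepts non-ASCII letters/digits; the oracle should catch that.
def validate_username(value):
    if not isinstance(value, str) or not 3 <= len(value) <= 20:
        return None
    if not value.replace("_", "").isalnum():
        return None
    return value.lower()

# The contract the validator must uphold for every value it accepts.
CONTRACT = re.compile(r"\A[a-z0-9_]{3,20}\Z")

# Small dictionary of boundary tokens worth splicing into any field.
TOKENS = ["", "'", '"', "<", ">", "%00", "\x00", "../", " ", "\r\n", "-1", "A" * 64]

def mutate(seed, rng):
    """Apply one random mutation to a seed string."""
    choice = rng.randrange(4)
    if choice == 0:                    # splice a dictionary token in
        pos = rng.randrange(len(seed) + 1)
        return seed[:pos] + rng.choice(TOKENS) + seed[pos:]
    if choice == 1 and seed:           # drop a character
        pos = rng.randrange(len(seed))
        return seed[:pos] + seed[pos + 1:]
    if choice == 2:                    # overwrite/append a random code point
        pos = rng.randrange(len(seed) + 1)
        return seed[:pos] + chr(rng.randrange(0x20, 0x3000)) + seed[pos + 1:]
    return seed * rng.randrange(1, 5)  # repeat, to probe length limits

def fuzz(target, oracle, seeds, iterations=2000, rng_seed=1):
    """Mutate seeds, run target, collect crashes and oracle violations."""
    rng = random.Random(rng_seed)
    findings = {}
    for _ in range(iterations):
        inp = mutate(rng.choice(seeds), rng)
        try:
            out = target(inp)
        except Exception as exc:       # any uncaught exception is a finding
            findings.setdefault("crash", []).append((inp, repr(exc)))
            continue
        if out is not None and not oracle.match(out):
            findings.setdefault("contract", []).append((inp, out))
    return findings

if __name__ == "__main__":
    for kind, cases in fuzz(validate_username, CONTRACT, ["alice", "bob_42", "x"]).items():
        print(kind, len(cases), cases[:3])
```

The same harness works against any function of one string argument, so the oracle and seeds can be swapped for each field you list; a "crash" entry means the handler threw, a "contract" entry means it accepted something it should have rejected.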